aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/dracut/90zfs/zfs-load-key.sh.in
diff options
context:
space:
mode:
authorKash Pande <[email protected]>2018-02-20 13:13:20 -0500
committerBrian Behlendorf <[email protected]>2018-02-23 12:57:28 -0800
commit7280d581973e923c6492b59803246a94347a47b8 (patch)
treeb69fe52d69d526ba08e1d4eb809901988f657290 /contrib/dracut/90zfs/zfs-load-key.sh.in
parentbf95a000c432dc92591432bfd2b7943cbbfb6708 (diff)
Enable booting from nested encrypted datasets
- enable booting from nested encrypted datasets - fix plymouth boot splash passphrase entry - optimize unlock process Co-authored-by: Kash Pande <[email protected]> Co-authored-by: Matthew Thode <[email protected]> Signed-off-by: Kash Pande <[email protected]> Signed-off-by: Matthew Thode <[email protected]> Closes #7214
Diffstat (limited to 'contrib/dracut/90zfs/zfs-load-key.sh.in')
-rwxr-xr-xcontrib/dracut/90zfs/zfs-load-key.sh.in16
1 files changed, 4 insertions, 12 deletions
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in
index 9a6241bd7..6c1f423ae 100755
--- a/contrib/dracut/90zfs/zfs-load-key.sh.in
+++ b/contrib/dracut/90zfs/zfs-load-key.sh.in
@@ -33,21 +33,13 @@ fi
# if pool encryption is active and the zfs command understands '-o encryption'
if [[ $(zpool list -H -o feature@encryption $(echo "${root}" | awk -F\/ '{print $1}')) == 'active' ]]; then
- # check if root dataset has encryption enabled
- if $(zfs list -H -o encryption "${root}" | grep -q -v off); then
- # figure out where the root dataset has its key, the keylocation should not be none
- while true; do
- if [[ $(zfs list -H -o keylocation "${root}") == 'none' ]]; then
- root=$(echo -n "${root}" | awk 'BEGIN{FS=OFS="/"}{NF--; print}')
- [[ "${root}" == '' ]] && exit 1
- else
- break
- fi
- done
+ # if the root dataset has encryption enabled
+ ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot ${ZFS_DATASET})
+ if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
# decrypt them
TRY_COUNT=5
while [ $TRY_COUNT != 0 ]; do
- zfs load-key "$root" <<< $(systemd-ask-password "Encrypted ZFS password for ${root}: ")
+ zfs load-key "${ENCRYPTIONROOT}" <<< $(systemd-ask-password "Encrypted ZFS password for ${root}: ")
[[ $? == 0 ]] && break
((TRY_COUNT-=1))
done